From training to real impact: how the ICS laboratory at KPI helped improve the security of industrial systems
In August 2024, a training laboratory for the cybersecurity of automated control systems (ICS laboratory) was opened at the Igor Sikorsky KPI Institute of Physics and Technology. It was created with the support of the “Cybersecurity of Ukraine's Critical Infrastructure” project to train specialists capable of effectively countering cyber threats in industry, energy, water supply, and other important areas.
From September 2024 to June 2025, 206 cybersecurity specialists from more than 45 critical infrastructure facilities (CIFs) representing more than 11 sectors — from energy and transport to water supply — underwent training at the ICS laboratory. The lab recreates the real environment of industrial control systems, allowing participants to work with realistic threat scenarios: simulating cyberattacks, studying system behavior, identifying and eliminating vulnerabilities — all in conditions that are as close as possible to real-world production environments.
It was during such training that a student of the Educational and Scientific Institute of Physics and Technology (Institute of FTI), Dmitry Krygin, discovered a serious vulnerability in the real industrial controller ifm SIS (model AC402S) — a device used to build safety systems of the highest level of responsibility (compliant with SIL 3 and PL e standards) in manufacturing facilities around the world.
While working with the controller, Dmitry discovered the technical features of the potential threat, contacted the manufacturer himself, and provided detailed information about the problem.
The vulnerability found was assigned the international identifier CVE-2024-8419, with a severity rating of 7.5 out of 10 (high), and was officially published in the CVE vulnerability database, an international catalog of cyber threats. Thanks to the vulnerability report, the manufacturer is expected to release an update that will eliminate the threat to devices already in use at hundreds of facilities around the world.
Dmytro Krygin joined the ICS laboratory from the very beginning, while the equipment provided by the Cybersecurity Project was still being installed. First as a student and later as an assistant at the ICS lab, he helped assemble and configure equipment, prepared training materials for critical infrastructure operators, and conducted one of the training days together with chief instructor Mykola Ilyin.
Dmytro also completed one of the most renowned and demanding international courses in the field of industrial system security — SANS ICS515: ICS Active Defense and Incident Response, which focuses on detecting, responding to, and neutralizing cyber threats in SCADA and OT environments.
This is a striking example of how training at the ICS lab not only develops critical skills but also directly enhances the security of industrial systems, both in Ukraine and beyond.